CVE-2025-20258 | Cisco Duo Self-Service Portal command injection (cisco-sa-duo-ssp-cmd-inj-RCmYrNA)
A vulnerability classified as critical has been found in Cisco Duo. Affected is an unknown function of the component Self-Service Portal. The manipulation leads to command injection.
This vulnerability is traded as CVE-2025-20258. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.